Adaptable CA
Venafi builds and delivers software drivers designed to connect with many of the most common certificate authorities (CAs), application servers, and enterprise monitoring systems for notification use cases. But if the Venafi Driver Library does not include the driver you need, you can use a Venafi Adaptable Driver. In fact, because they are customizable, you can use an Adaptable driver in place of an existing driver to provide tighter integration between your business processes and Trust Protection Platform.
Adaptable drivers provide a common set of variables required by the majority of applicable use cases that are supported by Trust Protection Platform natively. Some Adaptable drivers also let you define additional text fields, yes/no (Boolean) fields, and a password credential field, which you can then use to elicit different behaviors or to pass additional data to the system or service to which you are integrating.
Adaptable drivers depend on a Microsoft PowerShell script hosted in your local environment to execute functions corresponding to standard certificate lifecycle stages or Trust Protection Platform events.
NOTE Venafi's Adaptable drivers can be used when a CA or application driver does not yet exist, or they can be used in place of an existing driver that requires tighter integration between your business and Trust Protection Platform than the custom driver provides.
NOTE To work effectively with any Venafi adaptable solution, you must have some working knowledge of PowerShell scripting, or you must have equivalent experience with a scripting language similar to PowerShell.
Adaptable Certificate Authority (CA) attributes
In the TLS Protect > Policy Tree > Certificate Authorities section, you can configure the following Adaptable CA attributes.
-
Enable Linked Certificate Selector allows you to configure linked certificate information when requesting a certificate. Some Certificate Authorities (CAs) can use linked or parent certificate information when issuing additional related certificates. For instance, DigiCert can issue duplicate certificates when the order or transaction ID of the parent certificate is specified. This feature enables you to specify the location of the linked object and the attribute to read for the order ID or other configuration data. The information will be included in the adaptable CA script within the specific hashtable as the linked certificate's attribute data during the SubmitCSR stages.
-
Linked Certificate allows you to specify a certificate that will be linked with a parent or duplicate certificate. This link can be beneficial when working with Certificate Authorities (CAs) that have the capability to issue child or duplicate certificates.Linked Certificate:
-
Linked Certificate Attribute Name allows you to specify the name of the configuration attribute that will be read from the linked certificate object. This attribute will then be passed to the PowerShell script's specific hashtable as the linked certificate's attribute data.
What's next?
Before implementing Adaptable CA drivers, carefully review prerequisites and learn more about the required PowerShell script.
See Adaptable CA prerequisites and About the Adaptable CA PowerShell script.